Abnormally high Sub-Seven attack rate increase

From: Eric Kimminau (rootat_private)
Date: Mon Dec 30 2002 - 21:09:40 PST


    Howdy all! 
    
    Is it just me, or has the number of Sub-Seven probes grown
    astronomically in the last 7 days? I am seeing on average 25-30
    clients per day, each scanning 3 or 4 times, up from only 1 or 2
    per day at most for the last several months.
    
    
    
    
    
    


